PKR "hacking" my site?

KasinoKing

KasinoKing

Player turned affiliate.
Joined
Aug 10, 2009
Messages
3,295
Reaction score
1,468
Spotted something REALLY strange this-morning...

I have had PKR banners on various low-profile pages of my site for many years - never a problem before.

But today I happened to visit one of those pages online, and it AUTOMATICALLY redirected to the PKR website!
I had no idea this was even possible without me adding an instruction to the coding.
Tried some of the other pages - same result.

The code looks completely normal:
<iframe allowtransparency=true
src="http://ads.pkr.com/ad.aspx?bid=3124&amp;pid=118503&amp;ctcid=3988052"
width=468 height=60 marginwidth=0 marginheight=0 hspace=0 vspace=0
frameborder=0 scrolling=no>
</iframe>

I do nothing with PKR (except play there myself) - so I just deleted all the banners, which cured the problem.
But how could this have happened in the first place??? :eek:

KK
 
Last edited:
slotplayer

slotplayer

Affiliate Guard Dog Member
Joined
Aug 8, 2008
Messages
1,844
Reaction score
307
think document flow. Visit your page and the browser starts to render it, then it comes to the iframe code and is supposed to insert the banner but when it gets to the src url its not grabbing a banner from their server but doing a redirect. Just click on the src link you posted in the iframe above. You should see the banner but instead it redirects to a landing page.
 
V

Vladi

Affiliate Guard Dog Member
Joined
Feb 4, 2008
Messages
772
Reaction score
115
They aren't hacking your site. They have a "frame-busting" piece of javascript on the page that is loaded in the iframe. When you include an iframe on your site, you are serving up a complete web page from the other party's server. They can detect if they are the root frame and if not, redirect the browser to wherever they want. This is the code that is doing it:

Code: 
<script type='text/javascript'>window.parent.location.href='h__p://landing_pkr_com/en/bonus200?iatag=a_308b_5c_&extaffid=DEFAULT';</script>

I'd say it is probably accidental rather than malicious. A lot of sites put a frame-buster script so they can't be framed by other websites, and they may have unintentionally included it on their ad-server pages.
 
AussieDave

AussieDave

24 years & still going!
Joined
Nov 28, 2013
Messages
4,991
Reaction score
3,531
Just what Vladi said :)

I use a break out of frames buster script on all my sites.
 
KasinoKing

KasinoKing

Player turned affiliate.
Joined
Aug 10, 2009
Messages
3,295
Reaction score
1,468
Thanks guys.

I just completely removed all their banners off my sites anyway, as I have done sweet FA with them for years and it seems my affiliate account has even been closed!
But it's good to know what caused this anomaly so that I will know what to do if it ever happens again.

KK
 
You must log in or register to reply here.
Top